<?php
// Shared admin bootstrap. $vars, $pv, $get_s, $post_s and the format_* helpers used
// below are not defined in this file, so presumably they all come from this include.
include_once "inc.admin.php";

// Title handed to format_admin_page() for every response this script renders.
$this_title=$vars["admin_title"]." - Execute SQL";

// Authorization gate: stop with an error page unless the "Execute SQL" entry of the
// $pv task table is truthy. Everything below this point runs arbitrary SQL, so this
// check must stay ahead of any request handling.
if(!$pv["task"]["Execute SQL"]){
 echo format_admin_page(
  format_err("You do not have the privilege to Execute SQL.<br />\n"),
  $this_title
 );
 exit();
}

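// AJAX endpoint: executes the statement submitted by the form below and answers with an
// XML document (status 1 = success, 2 = failure) that the page script renders.
// NOTE(review): no anti-CSRF token is checked here and the form carries none; confirm
// that inc.admin.php enforces one, otherwise add a per-session token check before the
// statement is run.
// NOTE(review): mysql_query()/mysql_error() belong to the ext/mysql API removed in
// PHP 7.0; moving to mysqli/PDO needs the connection that is set up outside this file.
if(!empty($_POST["do_sql"]) && !empty($get_s["aj"])){
 // The one-line field takes precedence; the textarea is the fallback. Missing fields
 // yield an empty statement, which the driver rejects and reports as a failure.
 $sql=!empty($post_s["sql1"])? $post_s["sql1"] : (isset($post_s["sql2"])? $post_s["sql2"] : "");
 $msg="";
 $errmsg="";
 // The status is taken from the outcome of this query only, never from a value that
 // $errmsg may have held before the request was handled.
 if(mysql_query($sql)){
  $status=1;
  $msg="The SQL statement has been successfully executed.<br />\n";
 }else{
  $status=2;
  // msg is an HTML fragment that the client inserts with .html(); the driver error can
  // quote parts of the submitted statement, so it is HTML-escaped before being embedded.
  $errmsg="SQL execution failed.<br />\n<br />\nError: ".htmlspecialchars(mysql_error(), ENT_QUOTES)."<br />\n";
 }

 print format_xml(array("status"=>$status, "msg"=>($status==2? $errmsg : $msg)));
 exit();
}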

// Markup for the page body: a POST form aimed at "$this_file?aj=1" with a hidden
// do_sql flag, a one-line field (sql1) and a textarea (sql2), plus the #msg_box
// placeholder that the page script fills with the server reply.
// NOTE(review): $msg, $errmsg, $sql1 and $sql2 are interpolated without HTML escaping
// and are not assigned on this code path in this file (the handler above always
// exits). Presumably they are empty or set by inc.admin.php; if any of them can carry
// request data, pass it through htmlspecialchars() before it reaches this string.
// NOTE(review): the form has no anti-CSRF token field; do_sql is its only hidden input.
// NOTE(review): the action uses $this_file while the script block uses
// $vars[this_file]; confirm both are defined and point at the same URL.
$execute_sql="
<h3>Execute SQL</h3>
$msg $errmsg
<form name='sql' id='sql' method='post' action='$this_file?aj=1'>
<input type='hidden' name='do_sql' value='1' />
<div id='msg_box'></div>
SQL Statement here: <br />\n
<input type='text' name='sql1' value=\"$sql1\" style=\"width:450px;\"><br />\nOR here:<br />\n
<textarea name='sql2' rows='10' style=\"width:450px;\">$sql2</textarea><br />\n<br />\n
<input type='submit' value='Execute'>
</form>";

// Script block for the page: loads jquery.js.php from JS_URL, intercepts the submit of
// form#sql, POSTs the serialized form to "$vars[this_file]?aj=1" expecting XML, and
// writes the outcome into div#msg_box. The submit button is disabled while the request
// is in flight and the handler returns false so the browser does not submit the form.
// NOTE(review): the text of every <msg> element is inserted with .html(), so the server
// reply is rendered as HTML. msg must therefore be HTML-safe when it leaves the server;
// the handler in this file builds it from mysql_error(), which can echo parts of the
// submitted statement.
// NOTE(review): $vars[this_file] is interpolated into a single-quoted JS string; confirm
// it cannot contain quote characters or request-derived text.
// NOTE(review): .spinner() is presumably provided by a plugin bundled in jquery.js.php,
// and attr('disabled','') only re-enables the button on older jQuery releases; verify
// against the bundled version.
$jvscript=
"<script type='text/javascript' src=\"".JS_URL."/jquery.js.php\"></script>

<script type='text/javascript'>
jQuery(document).ready(function(q){
 q('form#sql').submit(function(){
  q(':submit', this).attr('disabled','disabled');
  q('div#msg_box').spinner();
  q.ajax({
   url: '$vars[this_file]?aj=1',
   type: 'POST',
   data: q('form#sql').serialize(),
   dataType: 'xml',
   error: function(a, textT, errorT){
    q('div#msg_box').html('<div>Opps, some error occur and your request cannot be sent.</div>').addClass('msg_err');
   },
   success: function(data){
    if(q('loggedout', data).text()=='loggedout'){//logout
     q('div#msg_box').html('<div>You have been logged out.</div>').addClass('msg_err');
    }else{
     var mesg='';
     q(data).find('msg').each(function(){
      mesg+=q(this).text()+'<br />';
     });
     var msg_class=q('status', data).text()==1? 'msg_msg' : 'msg_err';
     q(\"div#msg_box\").html('<div>'+mesg+'</div>').addClass(msg_class);
    }
   },
   complete: function(){
    q('form#sql :submit').attr('disabled','');
   }
  });
  return false;
 });
});
</script>";

// Non-AJAX path: render the admin page with the form markup as its body and the
// script block passed as the third argument to format_admin_page().
$content=$execute_sql;

echo format_admin_page(
 $content,
 $this_title,
 $jvscript
);
?>